Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering OpenVPN

You're reading from   Mastering OpenVPN Master building and integrating secure private networks using OpenVPN

Arrow left icon
Product type Paperback
Published in Aug 2015
Publisher Packt
ISBN-13 9781783553136
Length 364 pages
Edition 1st Edition
Tools
Concepts
Arrow right icon
Authors (2):
Arrow left icon
Eric F Crist Eric F Crist
Author Profile Icon Eric F Crist
Eric F Crist
Jan Just Keijser Jan Just Keijser
Author Profile Icon Jan Just Keijser
Jan Just Keijser
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Introduction to OpenVPN 2. Point-to-point Mode FREE CHAPTER 3. PKIs and Certificates 4. Client/Server Mode with tun Devices 5. Advanced Deployment Scenarios in tun Mode 6. Client/Server Mode with tap Devices 7. Scripting and Plugins 8. Using OpenVPN on Mobile Devices and Home Routers 9. Troubleshooting and Tuning 10. Future Directions Index

Setting up the Public Key Infrastructure

In the client/server mode, OpenVPN is configured using a Public Key Infrastructure (PKI) with X.509 certificates and private keys. Before we can set up a client/server VPN, we need to set up this PKI first. The PKI comprises of the CA, the private keys, and the certificates (public keys) for both the client and server. In Chapter 3, PKIs and Certificates, we will discuss in detail how to set up such a PKI. This chapter builds upon the certificates and keys generated in that chapter.

First, we copy the certificate and keys to a separate location. In general, it is a good security practice to keep the PKI files in a separate location, if possible even on a separate computer. Special care should be taken to protect the ca.key file, as the entire security of your PKI is dependent on this file. If the ca.key file is compromised in any way, the entire PKI is rendered insecure, and should be abandoned. In the following commands, it is assumed that the PKI...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image